Connect OpenWrt as a client to VPN server l2tp

memmik · April 14, 2023, 9:42pm

Basically the title says it all.

I have an VPN Server running, but I want to connect my raspberry pi with OpenWRT as a client to my VPN Server which uses a L2TP protocol.

But good to know, I have made this raspberry pi with an external wifi antenna. I have followed this video (https://www.youtube.com/watch?v=jlHWnKVpygw&t) to be precise and the settings are almost the same except that I am working with a WireGuard protocol.

But now I want to connect with my own VPN Server (which is a NAS from Synology) with the L2TP protocol.

How do i do this?

Update:
the end goal is that I want my home network accessible for example in Switzerland.

dankatapich · April 15, 2023, 2:34pm

Im not an expert but i think this is what you need:

To connect your Raspberry Pi running OpenWRT to your Synology NAS VPN server using L2TP protocol, you can follow these steps:

Install the xl2tpd package on your Raspberry Pi running OpenWRT by using the command:

opkg update
opkg install xl2tpd

Configure the /etc/xl2tpd/xl2tpd.conf file on your Raspberry Pi by adding the following lines:

[lac myvpn]
lnswan ip <Synology_NAS_IP_Address>
lnsauth = yes
eap = no
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.client
length bit = yes
redial = yes
redial timeout = 5
refuse pap = yes
refuse chap = yes
require authentication = yes
name = <Your_VPN_Username>
password = <Your_VPN_Password>

Replace <Synology_NAS_IP_Address>, <Your_VPN_Username>, and <Your_VPN_Password> with your actual Synology NAS IP address, VPN username, and VPN password.

Create the /etc/ppp/options.l2tpd.client file on your Raspberry Pi by adding the following lines:

require-mschap-v2
require-chap
refuse-eap
refuse-pap
refuse-chap-md5
auth
mtu 1200
mru 1200
crtscts
hide-password
defaultroute
usepeerdns
debug

Restart the xl2tpd service on your Raspberry Pi using the command:

/etc/init.d/xl2tpd restart

Verify that the L2TP tunnel is up by checking the output of the ipsec status and xl2tpd-control status commands.

Regarding the issue with your internet connection and DNS, it is possible that the VPN client configuration has caused a misconfiguration of the network settings. You can try the following steps to troubleshoot the issue:

Verify that your Raspberry Pi is still connected to the network and has a valid IP address assigned.
Check the DNS settings on your Raspberry Pi by running the command:

cat /tmp/resolv.conf.auto

It should contain the IP address of your DNS server. If it is not set correctly, you can try manually setting the DNS server by editing the /etc/config/network file and adding the following lines:

config interface 'wan'
    option dns '<Your_DNS_Server_IP_Address>'

Replace <Your_DNS_Server_IP_Address> with the IP address of your DNS server.

Check the routing table on your Raspberry Pi by running the command:

ip route

It should contain the default route to your internet gateway. If it is missing or incorrect, you can try manually setting the default route by running the command:

ip route add default via <Your_Internet_Gateway_IP_Address>

Replace <Your_Internet_Gateway_IP_Address> with the IP address of your internet gateway.

Finally, you can try restarting the network services on your Raspberry Pi by running the commands:

/etc/init.d/network restart
/etc/init.d/firewall restart

This should reapply the network settings and restart the firewall service.

memmik · April 15, 2023, 2:47pm

Thanks for the reply, i am going to try if this works! I will keep you updated.

Little side question, is it also possible to use SoftEther or not?

dankatapich · April 15, 2023, 2:50pm

Like server or like a client?

memmik · April 15, 2023, 2:51pm

Eventually I want that my VPN server (the nas) sees the OpenWrt (raspberry pi) as a client so I can passthrough the location of my nas to the OpenWrt.

Small update my internet is working again.

memmik · April 15, 2023, 3:01pm

Which commands? Or am I blind

memmik · April 15, 2023, 3:28pm

Unfortunately this doesn't do the trick.

psherman · April 15, 2023, 3:33pm

Is L2TP/IPsec a hard requirement for you?

Wireguard is much easier to configure (and is probably the most popular now due to its performance and ease of use), and even OpenVPN is more common. Although I can only speak for myself insofar as not having any experience with configuring L2TP/IPsec tunnels, my impression is that relatively few of the active forum members have much experience with it, too... so you can also generally get better (more salient) advice if you can use WG or OpenVPN.

memmik · April 15, 2023, 3:36pm

Ah okay, thank you for your response. Because the end goal is that I want my home network accessible for example in Switzerland. And my NAS only works with OpenVPN, PPTP and L2TP. So I thought that L2TP would be better to do this.

NPeca75 · April 15, 2023, 3:37pm

well, i tried l2tp last week and it is worked from LUCI
plain l2tp without IPSEC
only additional requirement was kmod-mppe

tested on OpenWrt 22.03.4

psherman · April 15, 2023, 3:40pm

OpenVPN would be a good option here, then.

FWIW, avoid PPTP entirely... it is not even remotely secure and not suitable for use on the internet.

memmik · April 15, 2023, 3:41pm

Ah okay, well I use version: 21.02.3

memmik · April 15, 2023, 3:41pm

Okay then I will try to configure OpenVPN

memmik · April 15, 2023, 3:46pm

Are there other things I should reckon with?

psherman · April 15, 2023, 3:48pm

I don't understand what you're asking? OpenVPN isn't trivial to setup, but it is well documented. The details of your server configuration depend on the NAS, of course... but generally speaking, the OpenWrt docs on the subject have lots of info for both the server and client sides.

memmik · April 15, 2023, 3:51pm

So the best way is to use OpenVPN if I want access to my home-network? But for example an iPhone doesn't support OpenVPN or am I wrong?

psherman · April 15, 2023, 3:52pm

OpenVPN is supported on most platforms... you just need to install the client app (available for free from the app store on iOS and Android).

But, to be clear, if you're using your NAS's OpenVPN server and the client is your phone, this is not an OpenWrt related topic anymore. If you're setting up the server and/or client on OpenWrt, we're here to help, of course.

memmik · April 15, 2023, 3:54pm

Yeah of course I understand, but the main goal is that I can connect my raspberry (which runs openwrt) with my own VPN server and to have access to my home-network wherever I am

psherman · April 15, 2023, 3:56pm

sure... this is possible with OpenVPN installed on your OpenWrt Pi. In that case, you won't need to use the OpenVPN client on your phone unless you'll be using your phone separately from your Pi.

memmik · April 15, 2023, 10:12pm

Well since I am still a rookie in these kinda stuff. I can use a little help if you guys don't mind .

Because how do I connect to my own VPN server with the OpenWrt GUI?